<?php
$root = $_SERVER['DOCUMENT_ROOT'];
include($root . "/util/session.php");
include($root . "/util/privilege_check.php");
checkPrivilege("admin");

if ($_SERVER["REQUEST_METHOD"] == "POST") {
	$username = mysqli_real_escape_string($db, $_POST['username']);
	$sql_query = "select * from users where username = '$username'";
	$result = mysqli_query($db, $sql_query);
	//check if user exists
	if (mysqli_num_rows($result) == 0) {
		$error = "User doesn't exist";
	} else {
		$full_name = mysqli_real_escape_string($db, $_POST['full_name']);
		$usertype = mysqli_real_escape_string($db, $_POST['usertype']);
		$ssn = mysqli_real_escape_string($db, $_POST['ssn']);
		$gender = mysqli_real_escape_string($db, $_POST['gender']);
		$phone = mysqli_real_escape_string($db, $_POST['phone']);
		$email = mysqli_real_escape_string($db, $_POST['email']);
		$password = mysqli_real_escape_string($db, $_POST['password']);
		if ($password != "") {
			$newpassword = true;
			$hash = password_hash($password, PASSWORD_DEFAULT);
			$users_sql_query = "UPDATE `users` SET `password` = '$hash', `usertype` = '$usertype' WHERE `users`.`username` = '$username'";
		} else {
			$users_sql_query = "UPDATE `users` SET `usertype` = '$usertype' WHERE `users`.`username` = '$username'";
		}
		$users_result = mysqli_query($db, $users_sql_query);
		$user_info_sql_query = "UPDATE `user_info` SET `full_name` = '$full_name', `ssn` = '$ssn', `gender` = '$gender', `phone` = '$phone', `email` = '$email' WHERE `user_info`.`login` = '$username'";
		$user_info_result = mysqli_query($db, $user_info_sql_query);
		if ($users_result && $user_info_result) {
			header("Location: /admin/admin.php?msg=User modified");
		}
	}
} else {
	$login = mysqli_real_escape_string($db, $_GET['login']);
	$query = "SELECT * FROM users join user_info on users.username=user_info.login where users.username='$login'";
	$result = mysqli_query($db, $query);
	if (mysqli_num_rows($result) == 0) {
		$error = "no such user";
		exit;
	} else {
		$row = mysqli_fetch_assoc($result);
	}
}
?>

<head>
	<title>Modify a user</title>
	<link rel="stylesheet" type="text/css" href="adminStyle.css">
</head>

<?php
include($root . "/admin/header.php");
?>
<main>
	<html>
	<body>

		<li><a href="/admin/admin.php">Back</a></li>
		<form action="/admin/userMod.php" method="post">
			<label for="username">Username of user to modify</label><br>
			<input type="text" id="username" name="username" value="<?php echo $row['username'] ?>"><br>
			<label for="password">User password:</label><br>
			<input type="password" id="password" name="password"><br>
			<label for="full_name">Full name:</label><br>
			<input type="text" id="full_name" name="full_name" value="<?php echo $row['full_name'] ?>"><br>
			<label for="usertype">User type:</label><br>
			<input type="radio" id="student" name="usertype" value="student" <?php if ($row['usertype'] == "student") {
																					echo 'checked';
																				} ?>>
			<label for="student">Student</label><br>
			<input type="radio" id="teacher" name="usertype" value="teacher" <?php if ($row['usertype'] == "teacher") {
																					echo 'checked';
																				} ?>>
			<label for="teacher">Teacher</label><br>
			<input type="radio" id="admin" name="usertype" value="admin" <?php if ($row['usertype'] == "admin") {
																				echo 'checked';
																			} ?>>
			<label for="admin">Admin</label><br>
			<label for="ssn">Social Security Number:</label><br>
			<input type="text" id="ssn" name="ssn" value="<?php echo $row['full_name'] ?>"><br>
			<label for="gender">Gender:</label><br>
			<input type="text" id="gender" name="gender" value="<?php echo $row['gender'] ?>"><br>
			<label for="phone">Phone Number:</label><br>
			<input type="text" id="phone" name="phone" value="<?php echo $row['phone'] ?>"><br>
			<label for="email">Email Address:</label><br>
			<input type="email" id="email" name="email" value="<?php echo $row['email'] ?>"><br>
			<input type="submit" value="Submit">
		</form>
		<div style="font-size:11px; color:#cc0000; margin-top:10px"><?php if (isset($error)) {
																		echo $error;
																	} ?></div>


	</body>

	</html>
</main>

<?php
include($root . "/admin/footer.php");
?>